Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Determining the encryption used

from [Tonnerre Lombard] Network Security [Permanent Link]
Subject: Re: Determining the encryption used
Date: Fri, 12 May 2006 06:58:31 +0100 
Salut,

On Thu, 2006-05-11 at 18:20, John Madden wrote:

Is it possible to determine the encryption used by
"looking" at the encrypted results or lenght ?


A perfect symmetric cipher returns a big bunch of random bytes. 


I know that with Base64 it's pretty easy because of
the "==" at the end.


base64 is an encoding. Even EBCDIC is more secure than that these days.
:-P

(BTW, the DES encoding is also not very hard to determine. ;-)


Also if there are any tools besides openssl that you
found usefull to try all the cipher, consecutively
with a passphrase/keyword against a file/string


It would decrypt about anything to about anything else.

In fact, most programs that support different encryption types do in
fact have some kind of "envelope" to stick their data into. This
"envelope" is mostly implementation specific but contains all
information about the ciphers used. However, most of the time it is
transferred with asymmetric crypto on, so it's a bit hard to tell unless
someone really broke it.

However, most applications have a default preference. That is, nowadays
most programs are somewhat AES-192-phile even though noone would
actually recommend the use of AES (I hope).

However, passwords or whatever stored in a database are not encrypted
with a symmetric cipher most of the time (Except for DES "encoded"
passwords). In this area you can usually tell the hash by the length of
the stored data (but you can't correlate it to the length of the
original input):

7 bytes / 56 bit -> DES
32 bytes / 256 bit -> MD5 or SHA2
40 bytes / 320 bit -> SHA1
64 bytes / 512 bit -> SHA2
96 bytes / 768 bit -> SHA2

The byte values assume that you use hexadecimal encoding. With base64,
they're different of course. Refer to the number of used bytes then.

BTW, if you're free to choose a hash function for your program, don't
use DES, MD5 or SHA1. DES isn't worth anything more than EBCDIC these
days, MD5 has 8 bit of security margin left (so if you attack it, you
need to bruteforce 256 possibilities to find a collision - not really
hard to do), and SHA1 isn't that much safer anymore either. SHA2 isn't
really good at that, but at least it didn't fall apart that much yet.

Call to everyone: we need a new decent hash function!

                            Tonnerre
-- 
SyGroup GmbH
Tonnerre Lombard

Loesungen mit System
Tel:+41 61 333 80 33    Roeschenzerstrasse 9
Fax:+41 61 383 14 67    4153 Reinach
Web:www.sygroup.ch      tonnerre.lombard@sygroup.ch

Attachment: signature.asc
Description: This is a digitally signed message part

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Pentester convicted.., Dotzero
Next by Date:  RE: Determining the encryption used, Sahir Hidayatullah
Previous by Thread:  Re: Determining the encryption used, Peter Kosinar
Next by Thread:  Re: Determining the encryption used, Tim
Indexes:  [Date] [Thread] [Top] [All Lists]